The LulzSec suspect, Cody “recursion” Kretsinger, of Tempe, Arizona, was charged with conspiracy and the unauthorised impairment of a protected computer, according to an unsealed federal indictment. Kretsinger is accused of taking part in a SQL injection attack against Sony earlier this summer. If convicted, he faces up to 15 years in prison, according to a statement from the FBI.

The Anonymous suspect, who the FBI has not yet named, lives in San Francisco and has been charged with attacking Santa Cruz County government Websites, FBI officials told Fox News. The suspected member is apparently homeless, according to the report. It is likely that the suspect relied on cheap or free Internet services at coffee houses, cafes and libraries, Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.

Anonymous Retort

“#Fauxnews reported that the 8th @LulzSec member was arrested. Finally reached count of -1. Now, how do you arrest negative numbers?” Anonymous posted on the AnonymousIRC’s Twitter account. It has been long believed that LulzSec consisted of seven members.

More warrants are currently being executed in New Jersey, Minnesota and Montana, according to Fox News.

LulzSec is often considered a splinter group from the collective Anonymous, a loose collection of cyber-savvy individuals who band together claiming to fight for Internet freedoms. Anonymous has defaced and shut down Websites belonging to the music industry, companies that severed ties with WikiLeaks and various government agencies. LulzSec burst onto the scene in May and attacked a wide range of sites for “lulz” or for laughs and entertainment. While the group officially disbanded in June, many of them remained active in later Anonymous operations.

The FBI and international law-enforcement agencies have been investigating the attacks and making arrests for the past few months. In July, 16 alleged Anonymous members were arrested in the United Kingdom and the United States. Since then, two other individuals have been arrested, who are thought to have shared the online name “Kayla” and were among the founders of LulzSec.

“They brought too much attention to themselves and you could expect law enforcement to find them,” Rob Rachwald, directory of strategy at Imperva, wrote on the company blog. They were “extremely unfocused” and bragged a little too much, disclosing a lot of information about their activities, which “left an electronic trail with enough footprints,” Rachwald added.

Attackers often used SQL injection in their attacks. Imperva said in a recent report that SQL injection has been responsible for 83 percent of data breaches that were the result of hacking. On average, Web applications suffered 71 SQL injection attempts an hour since July, the Imperva report found.

Attackers increasingly bypass simple defences with new attack variants and often use automated tools to launch their attacks, Imperva found. LulzSec, made SQL injection “a key part of their arsenal,” the report’s authors wrote.

Failure To Cover Tracks

According to the indictment, Kretsinger allegedly used a proxy server to mask his IP address and erased the hard drives used to carry out the Sony attack to avoid getting caught. Approximately 150,000 confidential records were stolen and posted on the LulzSec Website before being publicised on Twitter in that attack, which was launched to criticise the Japanese entertainment giant’s weak security.

As for the San Francisco suspect, using Internet systems in public places may have made it harder for authorities to track down who was launching the attack because the device is shared, Cluley said. However, many of these places also have cameras that authorities can use to gather evidence on who was using the computer at the time of the attack, he noted.

Small and midmarket organizations depend on their data as much as large enterprises depend on theirs—but the right tools for protecting a smaller organization’s data are not enterprise tools with reduced feature sets and price tags. Organizations of all sizes need to understand their exposure caused by mediocre protection, and then utilize “right-sized” technologies that […]

Shifting SMB IT and Storage Requirements This report describes how the HP Simply StoreIT program and HP MSA Storage can help small and midsized businesses (SMBs) reduce costs and improve operations by quickly and easily adding storage that is optimized for server virtualization to their IT infrastructure deployments.

You are likely faced with both increasingly demanding users and increasingly complex infrastructure requirements. At the same time, you are probably being asked to reduce IT costs without the help of added headcount. Are there times when this feels like an impossible mission?

The need for robust network security is growing, but IT security teams, resources, and budgets are shrinking at many organizations. That doesn’t mean you have to scale down your growth or skimp on key IT security areas, but it does mean you need to optimize your resources, starting with your network firewall team. Resource optimization […]